-
CISA released three significant Industrial Control Systems (ICS) advisories on August 26, 2025, alerting organizations to critical vulnerabilities affecting widely-deployed automation systems. These advisories highlight severe security flaws across INVT Electric’s engineering tools, Schneider Electric’s Modicon controllers, and Danfoss refrigeration systems, with CVSS v4 scores reaching 8.7, indicating high-severity exploitable conditions. Key Takeaways1. CISA issued […] The post CISA releases New ICS Advisories Surrounding Vulnerabilities and Exploits appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Google has released an emergency security update for Chrome to address a critical use-after-free vulnerability (CVE-2025-9478) in the ANGLE graphics library that could allow attackers to execute arbitrary code on compromised systems. The vulnerability affects Chrome versions prior to 139.0.7258.154/.155 across Windows, Mac, and Linux platforms. The security flaw was discovered by Google’s Big Sleep […] The post Critical Chrome Use After Free Vulnerability Let Attackers Execute Arbitrary Code appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A sophisticated data exfiltration campaign targeting corporate Salesforce instances has exposed sensitive information from multiple organizations through compromised OAuth tokens associated with the Salesloft Drift third-party application. The threat actor, designated as UNC6395, systematically harvested credentials and sensitive data between August 8-18, 2025, demonstrating advanced operational security awareness while executing SOQL queries across numerous Salesforce […] The post Salesloft Drift Hacked to Steal OAuth Tokens and Exfiltrate from Salesforce Corporate Instances appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Cloud Software Group has disclosed multiple high-severity vulnerabilities in NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway) that can lead to remote code execution (RCE) and denial of service (DoS). Exploitation of CVE-2025-7775 has been observed in the wild against unmitigated appliances, and customers are urged to upgrade immediately. Affected versions include […] The post Citrix NetScaler ADC and Gateway 0-Day RCE Vulnerability Actively Exploited in Attacks appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
CISA has issued a high-severity warning for CVE-2025-48384, a link-following vulnerability in Git that enables arbitrary file writes via misconfigured carriage return handling in configuration files. This flaw has already seen active exploitation, underscoring the critical need for immediate mitigation. Key Takeaways1. CVE-2025-48384 lets attackers abuse CR handling in Git configs to write arbitrary files.2. […] The post CISA Warns of Git Arbitrary File Write Vulnerability Exploited in Attacks appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Hackers can weaponize hidden prompts revealed by downscaled images to trigger sensitive tool actions and achieve data exfiltration in Gemini CLI—and similar risks extend to Google Assistant and other production AI systems, according to new research by Trail of Bits. By exploiting how AI services routinely apply image scaling, the researchers showed that a benign-looking upload can morph […] The post Hackers Can Exploit Image Scaling in Gemini CLI, Google Assistant to Exfiltrate Sensitive Data appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
WhatsApp Desktop users who have Python installed on their Windows PCs are at risk of arbitrary code execution due to a flaw in how the application handles Python archive files. A maliciously crafted .pyz file can be executed with a single click, granting attackers full control over the victim’s system. Meta has yet to classify this […] The post WhatsApp Desktop Users At Risk of Code Execution Attacks with Python on Windows PCs appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Google has disclosed a critical zero-day vulnerability in the V8 JavaScript engine used by Chrome, tracked as CVE-2025-5419. Before a patch could be rolled out to all users, proof-of-concept (PoC) exploit code had been published, and active exploitation had been observed in targeted campaigns. Key Takeaways1. CVE-2025-5419 lets attackers exploit V8 OOB read/write for remote […] The post PoC Exploit Released for Chrome 0-Day Vulnerability Exploited in the Wild appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
CISA has issued a critical alert regarding three newly identified vulnerabilities being actively exploited by threat actors. On August 25, 2025, CISA added these high-risk Common Vulnerabilities and Exposures (CVEs) to its Known Exploited Vulnerabilities (KEV) Catalog, signaling immediate concern for federal agencies and private organizations alike. Key Takeaways1. CISA added two Citrix Session Recording […] The post CISA Warns of Citrix RCE and Privilege Escalation Vulnerabilities Exploited in Attacks appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A critical security vulnerability has been discovered in Zendesk’s Android SDK implementation that allows attackers to perform mass account takeovers without any user interaction. The flaw, which earned a $3,000 bug bounty payout, stems from predictable token generation mechanisms that enable unauthorized access to all Zendesk support tickets across affected organizations. Key Takeaways1. Predictable JWT […] The post 0-Click Zendesk Account Takeover Vulnerability Enables Access to all Zendesk Tickets appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
